package cn.itcast.serivice;

import cn.itcast.service.MenuService;
import cn.itcast.service.UserService;
import com.alibaba.dubbo.config.annotation.Reference;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.util.AntPathMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

@Service
public class RbacService {
    private AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Reference
    private UserService userService;

    @Reference
    private MenuService menuService;

    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        Object principal = authentication.getPrincipal();
        boolean hasPermission = false;
        if (principal instanceof UserDetails) { //首先判断先当前用户是否是我们UserDetails对象。
            String username = ((UserDetails) principal).getUsername();

            List<String> permissionList = userService.findPermissionByUsername(username);

//            // 注意这里不能用equal来判断，因为有些URL是有参数的，所以要用AntPathMatcher来比较
//            for (String url : urls) {
//                if (antPathMatcher.match(url, request.getRequestURI())) {
//                    hasPermission = true;
//                    break;
//                }
//            }


        }
        return hasPermission;
    }
}
